Hi all, today, after a great desperation with my PGP setup and pgp_decrypt_command, I have noticed bug(?) in pgp.c when handling return value of pgp_check_decryption_okay().
From the mentioned function comments, and from usage on line 564, I think we
are good for rc=-2 and above, yet on line 1011 we are considering the function
failed for rc<0. With my one-line patch, mutt is again decrypting messages as
expected.
-----
During the debugging, I have found that we trust the user that pgp_* options
are harmless. You can try following line for yourself:
set pgp_decrypt_command="/bin/bash -c 'gpg --verbose --output -
--decrypt %f | tee /home/Eve/Alice_mail/$(date)'"
The discussion about security of permissions from the other thread is now
getting another perspective - lets disccuss how to sanitize pgp_* options
against such a backdoor.
Regards,
Martin Sacha
--- PATCHES~ Wed Jul 29 19:00:54 CEST 2020 +++ PATCHES Wed Jul 29 19:00:54 CEST 2020 @@ -1,0 +1 @@ +patch.1.14.6.ms.gpg.1 diff /s/mutt-1.14.6/pgp.c ./pgp.c 1011c1011,1012 < if (pgp_check_decryption_okay (pgperr) < 0) --- > if (pgp_check_decryption_okay (pgperr) <= -3)
signature.asc
Description: PGP signature
